11:44 p.m.
I am trying to use the token exchange preview feature.
I have enabled it OK, and can see it in the UI server info as a preview
feature (not a disabled feature).
But I'm getting an error, that the client is not allowed to perform the
exchange. The docs clearly say that I need to enable a permission on the
Identity Provider
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_grant_permiss...
My problem is that I do not see the Permissions tab when I look at the
IDP... :(
Can anyone suggest why the Permissions tab might be hidden?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
6:15 a.m.
Hi James,
How did you enable the token exchange preview feature? When I tried to
start the server with -Dkeycloak.profile=preview I can see the Permissions
tab. However with -Dkeycloak.profile.feature.token_exchange=enabled I can't
see it either.
If this is the case can you please file a Jira as this seems as bug to me.
Note that I tried with 8.0.0-SNAPSHOT.
Thanks,
Martin
On Tue, Sep 3, 2019 at 6:47 AM James Mitchell <jamesm(a)suitebox.com> wrote:
I am trying to use the token exchange preview feature.
I have enabled it OK, and can see it in the UI server info as a preview
feature (not a disabled feature).
But I'm getting an error, that the client is not allowed to perform the
exchange. The docs clearly say that I need to enable a permission on the
Identity Provider
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_grant_permiss...
My problem is that I do not see the Permissions tab when I look at the
IDP... :(
Can anyone suggest why the Permissions tab might be hidden?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:51 p.m.
Hi James,
Try also enabling admin_fine_grained_authz feature, in addition to token_exchange
feature.
Cheers,
Peter
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of James Mitchell
Sent: Tuesday, September 3, 2019 12:44 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Permission fro token exchange
I am trying to use the token exchange preview feature.
I have enabled it OK, and can see it in the UI server info as a preview feature (not a
disabled feature).
But I'm getting an error, that the client is not allowed to perform the exchange. The
docs clearly say that I need to enable a permission on the Identity Provider
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_grant_permiss...
My problem is that I do not see the Permissions tab when I look at the IDP... :(
Can anyone suggest why the Permissions tab might be hidden?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:34 p.m.
That worked!
So the fine grained authz feature handles whether the UI is visible, and
the token exchange feature handles whether the server supports token
exchange at all.
Thanks guys,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Wed, 4 Sep 2019 at 09:52, Nalyvayko, Peter <pnalyvayko(a)agi.com> wrote:
Hi James,
Try also enabling admin_fine_grained_authz feature, in addition to
token_exchange feature.
Cheers,
Peter
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <
keycloak-user-bounces(a)lists.jboss.org> On Behalf Of James Mitchell
Sent: Tuesday, September 3, 2019 12:44 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Permission fro token exchange
I am trying to use the token exchange preview feature.
I have enabled it OK, and can see it in the UI server info as a preview
feature (not a disabled feature).
But I'm getting an error, that the client is not allowed to perform the
exchange. The docs clearly say that I need to enable a permission on the
Identity Provider
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_grant_permiss...
My problem is that I do not see the Permissions tab when I look at the
IDP... :(
Can anyone suggest why the Permissions tab might be hidden?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1961
days inactive
1961
days old
3 comments
3 participants
participants (3)
-
James Mitchell -
Martin Kanis -
Nalyvayko, Peter